def accept_consent_challenge(api_instance: AdminApi,
consent_challenge: str, requested_scope):
body = ory_hydra_client.AcceptConsentRequest(
grant_scope=requested_scope, remember=True, remember_for=3600)
api_response = api_instance.accept_consent_request(consent_challenge,
body=body)
return {'redirectUrl': api_response.redirect_to}
def accept_login_request(api_instance: AdminApi, login_challenge, subject):
# subject must be equal to the user's id genereted by ory kratos
# if remember is not set loging out may not work as expected!!!
body = ory_hydra_client.AcceptLoginRequest(subject=subject,
remember=True,
remember_for=3600)
api_response = api_instance.accept_login_request(login_challenge,
body=body)
return {'redirectUrl': api_response.redirect_to}
def __init__(self, hydra_admin_url: str) -> None:
self._api = AdminApi(ApiClient(Configuration(hydra_admin_url)))
class HydraAdminAPI:
"""A wrapper for the Hydra SDK's admin API."""
def __init__(self, hydra_admin_url: str) -> None:
self._api = AdminApi(ApiClient(Configuration(hydra_admin_url)))
def introspect_token(
self,
access_or_refresh_token: str,
required_scope_ids: list[str] = None,
) -> OAuth2TokenIntrospection:
"""Check access/refresh token validity and return detailed
token information."""
kwargs = dict(token=access_or_refresh_token)
if required_scope_ids is not None:
kwargs |= dict(scope=' '.join(required_scope_ids))
return self._api.introspect_o_auth2_token(**kwargs)
def list_clients(self) -> list[HydraClient]:
"""Return a list of all OAuth2 clients from Hydra."""
oauth2_clients = self._api.list_o_auth2_clients()
return [
HydraClient.from_oauth2_client(oauth2_client)
for oauth2_client in oauth2_clients
]
def get_client(self, id: str) -> HydraClient:
"""Get an OAuth2 client configuration from Hydra."""
oauth2_client = self._api.get_o_auth2_client(id=id)
return HydraClient.from_oauth2_client(oauth2_client)
def create_or_update_client(
self,
id: str,
*,
name: str,
secret: Optional[str],
scope_ids: Iterable[str],
grant_types: Iterable[GrantType],
response_types: Iterable[ResponseType] = (),
redirect_uris: Iterable[str] = (),
post_logout_redirect_uris: Iterable[str] = (),
token_endpoint_auth_method:
TokenEndpointAuthMethod = TokenEndpointAuthMethod.CLIENT_SECRET_BASIC,
allowed_cors_origins: Iterable[str] = (),
) -> None:
"""Create or update an OAuth2 client configuration on Hydra.
On update, pass `secret=None` to leave the client secret unchanged.
"""
kwargs = dict(
client_id=id,
client_name=name,
scope=' '.join(scope_ids),
grant_types=StringArray(list(grant_types)),
response_types=StringArray(list(response_types)),
redirect_uris=StringArray(list(redirect_uris)),
post_logout_redirect_uris=StringArray(
list(post_logout_redirect_uris)),
token_endpoint_auth_method=token_endpoint_auth_method,
allowed_cors_origins=StringArray(list(allowed_cors_origins)),
contacts=StringArray([]),
)
if secret is not None:
kwargs |= dict(client_secret=secret)
oauth2_client = OAuth2Client(**kwargs)
try:
self._api.create_o_auth2_client(oauth2_client)
except ApiException as e:
if e.status == 409:
self._api.update_o_auth2_client(id, oauth2_client)
else:
raise # todo: raise our own exception class here
def delete_client(self, id: str) -> None:
"""Delete an OAuth2 client configuration from Hydra."""
self._api.delete_o_auth2_client(id=id)
def reject_consent_challenge(api_instance: AdminApi,
consent_challenge: str):
body = ory_hydra_client.RejectRequest()
api_response = api_instance.reject_consent_request(consent_challenge,
body=body)
return {'redirectUrl': api_response.redirect_to}
def reject_login_request(api_instance: AdminApi, login_challenge):
# this function has to be tested
body = ory_hydra_client.RejectRequest()
api_response = api_instance.reject_login_request(login_challenge,
body=body)
return {'redirectUrl': api_response.redirect_to}